tail -f for binary and pcap files

vma/captail

captail

This is a 'tail -f' implementation for streaming pcap files.

captail writes a pcap header at the beginning of its output and starts streaming after the first \r\n\r\n, which marks the end of a bodyless SIP packet.

Unfortunately, there is no easy way to find where a pcap packet begins in the middle of a stream: the packet record starts with a timestamp and ends with the data, without any marker or delimiter.
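The resynchronisation idea described above, as an added Python sketch (not captail's own code). The header plausibility check, the helper names and the sample packets are assumptions of this example; the check shows why a SIP message that carries a body would otherwise yield a wrong record boundary.

```python
import struct

REC = struct.Struct("<IIII")  # ts_sec, ts_usec, incl_len, orig_len
SNAPLEN = 65535
# Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
GLOBAL_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, SNAPLEN, 1)

def record(ts, payload):
    """Build one pcap record: 16-byte header followed by the captured bytes."""
    return REC.pack(ts, 0, len(payload), len(payload)) + payload

def plausible_header(buf, off):
    """Heuristic (assumption of this example): do 16 bytes at off look like a record header?"""
    if off + REC.size > len(buf):
        return False
    _, usec, incl, orig = REC.unpack_from(buf, off)
    return usec < 1_000_000 and 0 < incl <= orig <= SNAPLEN

def resync(buf):
    """Offset just past the first CRLFCRLF that is followed by a plausible header, or -1."""
    pos = buf.find(b"\r\n\r\n")
    while pos != -1:
        if plausible_header(buf, pos + 4):
            return pos + 4
        pos = buf.find(b"\r\n\r\n", pos + 1)
    return -1

def tail_to_pcap(buf):
    """Prepend a global header to the records that follow the resync point."""
    off = resync(buf)
    return b"" if off == -1 else GLOBAL_HDR + buf[off:]

def payloads(pcap):
    """Walk a well-formed pcap and return each record's captured bytes."""
    out, off = [], len(GLOBAL_HDR)
    while off + REC.size <= len(pcap):
        _, _, incl, _ = REC.unpack_from(pcap, off)
        out.append(pcap[off + REC.size: off + REC.size + incl])
        off += REC.size + incl
    return out

# Constructed sample: 42 zero bytes stand in for the Ethernet/IP/UDP headers.
LINK = b"\x00" * 42
INVITE = LINK + b"INVITE sip:b@example.invalid SIP/2.0\r\nContent-Length: 10\r\n\r\nv=0\r\ns=-\r\n"
OPTIONS = LINK + b"OPTIONS sip:a@example.invalid SIP/2.0\r\nContent-Length: 0\r\n\r\n"
OK = LINK + b"SIP/2.0 200 OK\r\nContent-Length: 0\r\n\r\n"
STREAM = record(1, INVITE) + record(2, OPTIONS) + record(3, OK)
TAIL = STREAM[20:]  # a tail that begins in the middle of the first record
```

The first \r\n\r\n in TAIL sits before the INVITE's body, so the bytes after it are not a record header; the check skips it and locks on after the bodyless OPTIONS. Random data can still pass such a check, so it narrows the problem rather than solving it.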

example usage

$ captail -h
$ captail dump.pcap | ngrep -qt -W byline -I-

btail

Plain binary tail -f without any pcap knowledge.
